When did my test plan get deleted? Who deleted my test suite\test run?

When did my test plan get deleted? Who deleted my test suite\test run?

Rate This
  • Comments 13

If you are looking for answers to questions like above then read on.

It has been a frequent asks to have an easy way to figure out when a particular test artifact got deleted and by whom.

At present all this information goes in TFS collection database table ‘tbl_AuditLog’. But it’s not straightforward to interpret various columns available in this table. One has to take joins with various other tables present in different databases and still interpretation of some columns lies in code only. Thus it is very hard to get this information in human readable form.

To ease this effort, we have created a command line tool that makes this job a breeze.

Given a Team Project Collection Url, it will create a .csv file in which it will write complete audit log, replacing every entry with its corresponding interpretation.

 

Downloads:

1.  Visual Studio 2012 compatible bits of the tool -- Require Visual Studio 2012 or Team Foundation Server 2012 to be installed on the machine

2.  Visual Studio 2010 compatible bits of the tool -- Require Visual Studio 2010 or Team Foundation Server 2010 to be installed on the machine

3.  Source code

 

Usage of the tool:

Run following command in Visual Studio command prompt:

TFSLogs.exe auditlog /c:<Team Project Collection URL> /l:<.csv output file path>

 

Sample output of the tool:

pic

 

Permissions required to run the tool:

User should be a TFS admin and should be added on TFS Management Console – ‘Administration Console Users’ group.

 

Following are some important points to note: 

1. This tool will not work against hosted TFS because Audit log is not available in case of TFS on Cloud.

2. With time as more and more operations are performed on the TFS, number of entries in Audit log table will keep on increasing. Thus depending upon the size of the Audit log table, this tool may take some time to get the complete log. Hence it is advisable to run the tool on the machine in which TFS is installed.

3. You need to know the object id of the artifact that got deleted – there is no way to get the name of that particular object since it no longer exists in the database post delete.

 

Please try out this tool and let us know your views regarding it.

Leave a Comment
  • Please add 4 and 4 and type the answer here:
  • Post
  • Fab! Nice work Shyam. The community loves you :>

  • This is excellent..

  • very interesting!!

    This is what we are lookign for.....3K MTM users....Let me review this tool.-:)

    Thanks a ton!

  • OMG. Horrible - "User should be a TFS admin and should be added on TFS Management Console – ‘Administration Console Users’ group" WHAT ENTERPRISE LET'S USERS BE TFS ADMINS. Have you tried to run this against your devdiv TFS servers???? I bet you don't have ADMIN rights in production. Seesh! Also how can I prevent folks from being able to delete test suites? I want a DENY on test suites...the manage test plans permission is useless.

  • @Sam D:

    This tool is expected to be used by TFS admins only. The tool runs 'SELECT' SQL queries directly on Collection and Configuration databases which require these permissions.

    Permission model at 'Test Suite' level is in our backlog.

  • @mayur and @Sam D - could you please reply to me at nivban@microsoft.com. I would like to engage with you more on this topic.

  • Hey can you help on this , whenever i run this tool it give access denied on the folder for CSV file. why is it doing this and how to fix it???

    Thanks!

  • I have a question.  I've run this tool and in the action, object type and TFS identity has confusing entries.

    I'm seeing the following

    Action: Delete

    Object Type: TestSuite

    TFS Identity:  Unknown Identity (00000000-0000-0000-0000-000000000000)

    Where do I go from here? How can an unknown identity delete a test suite?

    Thanks

    -Shawn J>

  • @sjamisorc

    'Unknown Identity' signifies that the user identity no longer exists in the TFS.

    It can happen, for instance, for a user who has left the organization and her name has been removed from GAL.

  • That's scary since all of our TFS Accounts are AD users only and don't have a separate TFS user account.

    We assign AD user ID's to role based groups and assign the groups permissions in TFS.  No specific users permissions in TFS, AD groups only.

    If they can't login the domain they should not be able to get to TFS.  Even our service accounts are all AD accounts.

    This doesn't seem possible.  

    We've had entire test suites and results deleted by Unknown Identity and I would like to figure out who and how it happened.

    Any other suggestions?  

  • @sjamisorc

    Yes you are right that if a user cannot login to a domain then that user will not be able to access the TFS.

    What I want to convey is that, say, 'User 1', who was a valid TFS user, had deleted some test artifacts before she left the organization. But now after 'User 1' has left the organization her identity has been removed from AD.

    Now when TFSLogs.exe tries to fetch identity for this user, it does not get anything and hence it returns 'Unknown Identity'

  • When I  try to run the tool I am getting this error.

    AuditId, Date Modified, Action, Object Type, Object ID1, Object ID2, Team Project Name, TFS Identity, Comments

    Exception: Invalid column name 'ConnectionString'.

  • When ever i try to run the command i am getting the below error

    Possible reasons for failure include:

    #NAME? port number or protocol for the Team Foundation Server is incorrect.

    #NAME?

    #NAME?

    Technical information (for administrator):

    The remote server returned an error: (404) Not Found.

    but with the same URL i was able to connect and my TFS instance is working fine..

    I am using TFS 2013 is that cause any problem?

    Please suggest  ..

    Thanks

    Hem

Page 1 of 1 (13 items)